Vulnerability Description
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sylabs | Singularity | >= 3.3.0, <= 3.5.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
- https://github.com/sylabs/singularity/releases/tag/v3.5.2Release NotesThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
- https://github.com/sylabs/singularity/releases/tag/v3.5.2Release NotesThird Party Advisory
FAQ
What is CVE-2019-19724?
CVE-2019-19724 is a vulnerability with a CVSS score of 7.5 (HIGH). Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of op...
How severe is CVE-2019-19724?
CVE-2019-19724 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19724?
Check the references section above for vendor advisories and patch information. Affected products include: Sylabs Singularity.